package com.longyou.gateway.security;


import com.longyou.gateway.security.handler.AuthenticationFailHandler;
import com.longyou.gateway.security.handler.AuthenticationSuccessHandler;
import com.longyou.gateway.security.handler.CustomServerLogoutSuccessHandler;
import com.longyou.gateway.util.MD5PasswordEncoder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;

@EnableWebFluxSecurity
public class SecurityConfig {


    @Autowired
    private AuthenticationSuccessHandler authenticationSuccessHandler;
    @Autowired
    private AuthenticationFailHandler authenticationFailHandler;
    //    @Autowired
//    private CustomHttpBasicServerAuthenticationEntryPoint customHttpBasicServerAuthenticationEntryPoint;
    @Autowired
    private CustomServerLogoutSuccessHandler customServerLogoutSuccessHandler;


    @Bean
    SecurityWebFilterChain webFluxSecurityFilterChain(ServerHttpSecurity http) throws Exception {
//        List<LoginTypeEnum> services = discoveryClient.getServices();
//        services.forEach((value)->{
//            excludedAuthPages.add("/"+value.toUpperCase()+"/**");
//        });
        HttpBasicServerAuthenticationEntryPoint basicAuthentication = new HttpBasicServerAuthenticationEntryPoint();
        basicAuthentication.setRealm("unknowMan");
        http.authorizeExchange()
            .pathMatchers("/**")
            .permitAll()  //这里只做登录和生成token,最终的强制登录校验由core里的SecurityFilter进行校验
            .pathMatchers(HttpMethod.OPTIONS)
            .permitAll() //option 请求默认放行
            .anyExchange()
            .authenticated()
            .and()
            .httpBasic()
            .and()
            .formLogin()
            .loginPage("/auth/login")
            .authenticationSuccessHandler(authenticationSuccessHandler) //认证成功
            .authenticationFailureHandler(authenticationFailHandler) //登陆验证失败
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(basicAuthentication)  //基于http的接口请求鉴权失败
            .and()
            .csrf()
            .disable()//必须支持跨域
            .logout()
            .logoutSuccessHandler(customServerLogoutSuccessHandler)
            .logoutUrl("/auth/logout");

        return http.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new MD5PasswordEncoder(); //默认
    }
}
